static int iwl_testmode_buffer_dump(struct ieee80211_hw *hw, struct sk_buff *skb, struct netlink_callback *cb) { struct iwl_priv *priv = IWL_MAC80211_GET_DVM(hw); int idx, length; if (priv->testmode_mem.read_in_progress) { idx = cb->args[4]; if (idx >= priv->testmode_mem.num_chunks) { iwl_mem_cleanup(priv); return -ENOENT; } length = DUMP_CHUNK_SIZE; if (((idx + 1) == priv->testmode_mem.num_chunks) && (priv->testmode_mem.buff_size % DUMP_CHUNK_SIZE)) length = priv->testmode_mem.buff_size % DUMP_CHUNK_SIZE; NLA_PUT(skb, IWL_TM_ATTR_BUFFER_DUMP, length, priv->testmode_mem.buff_addr + (DUMP_CHUNK_SIZE * idx)); idx++; cb->args[4] = idx; return 0; } else return -EFAULT; nla_put_failure: return -ENOBUFS; }
int iwlagn_mac_testmode_dump(struct ieee80211_hw *hw, struct sk_buff *skb, struct netlink_callback *cb, void *data, int len) { struct iwl_priv *priv = IWL_MAC80211_GET_DVM(hw); int result; u32 cmd; if (cb->args[3]) { /* offset by 1 since commands start at 0 */ cmd = cb->args[3] - 1; } else { struct nlattr *tb[IWL_TM_ATTR_MAX]; result = iwl_test_parse(&priv->tst, tb, data, len); if (result) return result; cmd = nla_get_u32(tb[IWL_TM_ATTR_COMMAND]); cb->args[3] = cmd + 1; } /* in case multiple accesses to the device happens */ mutex_lock(&priv->mutex); result = iwl_test_dump(&priv->tst, cmd, skb, cb); mutex_unlock(&priv->mutex); return result; }
/* * This function handles the user application commands for SRAM data dump * * It retrieves the mandatory fields IWL_TM_ATTR_SRAM_ADDR and * IWL_TM_ATTR_SRAM_SIZE to decide the memory area for SRAM data reading * * Several error will be retured, -EBUSY if the SRAM data retrieved by * previous command has not been delivered to userspace, or -ENOMSG if * the mandatory fields (IWL_TM_ATTR_SRAM_ADDR,IWL_TM_ATTR_SRAM_SIZE) * are missing, or -ENOMEM if the buffer allocation fails. * * Otherwise 0 is replied indicating the success of the SRAM reading. * * @hw: ieee80211_hw object that represents the device * @tb: gnl message fields from the user space */ static int iwl_testmode_indirect_mem(struct ieee80211_hw *hw, struct nlattr **tb) { struct iwl_priv *priv = IWL_MAC80211_GET_DVM(hw); u32 addr, size, cmd; unsigned char *buf; /* Both read and write should be blocked, for atomicity */ if (priv->testmode_mem.read_in_progress) return -EBUSY; cmd = nla_get_u32(tb[IWL_TM_ATTR_COMMAND]); if (!tb[IWL_TM_ATTR_MEM_ADDR]) { IWL_ERR(priv, "Error finding memory offset address\n"); return -ENOMSG; } addr = nla_get_u32(tb[IWL_TM_ATTR_MEM_ADDR]); if (!tb[IWL_TM_ATTR_BUFFER_SIZE]) { IWL_ERR(priv, "Error finding size for memory reading\n"); return -ENOMSG; } size = nla_get_u32(tb[IWL_TM_ATTR_BUFFER_SIZE]); if (cmd == IWL_TM_CMD_APP2DEV_INDIRECT_BUFFER_READ) return iwl_testmode_indirect_read(priv, addr, size); else { if (!tb[IWL_TM_ATTR_BUFFER_DUMP]) return -EINVAL; buf = (unsigned char *) nla_data(tb[IWL_TM_ATTR_BUFFER_DUMP]); return iwl_testmode_indirect_write(priv, addr, size, buf); } }
static int iwl_testmode_trace_dump(struct ieee80211_hw *hw, struct sk_buff *skb, struct netlink_callback *cb) { struct iwl_priv *priv = IWL_MAC80211_GET_DVM(hw); int idx, length; if (priv->testmode_trace.trace_enabled && priv->testmode_trace.trace_addr) { idx = cb->args[4]; if (idx >= priv->testmode_trace.num_chunks) return -ENOENT; length = DUMP_CHUNK_SIZE; if (((idx + 1) == priv->testmode_trace.num_chunks) && (priv->testmode_trace.buff_size % DUMP_CHUNK_SIZE)) length = priv->testmode_trace.buff_size % DUMP_CHUNK_SIZE; NLA_PUT(skb, IWL_TM_ATTR_TRACE_DUMP, length, priv->testmode_trace.trace_addr + (DUMP_CHUNK_SIZE * idx)); idx++; cb->args[4] = idx; return 0; } else return -EFAULT; nla_put_failure: return -ENOBUFS; }
/* The testmode gnl message handler that takes the gnl message from the * user space and parses it per the policy iwl_testmode_gnl_msg_policy, then * invoke the corresponding handlers. * * This function is invoked when there is user space application sending * gnl message through the testmode tunnel NL80211_CMD_TESTMODE regulated * by nl80211. * * It retrieves the mandatory field, IWL_TM_ATTR_COMMAND, before * dispatching it to the corresponding handler. * * If IWL_TM_ATTR_COMMAND is missing, -ENOMSG is replied to user application; * -ENOSYS is replied to the user application if the command is unknown; * Otherwise, the command is dispatched to the respective handler. * * @hw: ieee80211_hw object that represents the device * @data: pointer to user space message * @len: length in byte of @data */ int iwlagn_mac_testmode_cmd(struct ieee80211_hw *hw, void *data, int len) { struct nlattr *tb[IWL_TM_ATTR_MAX]; struct iwl_priv *priv = IWL_MAC80211_GET_DVM(hw); int result; result = iwl_test_parse(&priv->tst, tb, data, len); if (result) return result; /* in case multiple accesses to the device happens */ mutex_lock(&priv->mutex); switch (nla_get_u32(tb[IWL_TM_ATTR_COMMAND])) { case IWL_TM_CMD_APP2DEV_UCODE: case IWL_TM_CMD_APP2DEV_DIRECT_REG_READ32: case IWL_TM_CMD_APP2DEV_DIRECT_REG_WRITE32: case IWL_TM_CMD_APP2DEV_DIRECT_REG_WRITE8: case IWL_TM_CMD_APP2DEV_BEGIN_TRACE: case IWL_TM_CMD_APP2DEV_END_TRACE: case IWL_TM_CMD_APP2DEV_INDIRECT_BUFFER_READ: case IWL_TM_CMD_APP2DEV_NOTIFICATIONS: case IWL_TM_CMD_APP2DEV_GET_FW_VERSION: case IWL_TM_CMD_APP2DEV_GET_DEVICE_ID: case IWL_TM_CMD_APP2DEV_INDIRECT_BUFFER_WRITE: result = iwl_test_handle_cmd(&priv->tst, tb); break; case IWL_TM_CMD_APP2DEV_GET_DEVICENAME: case IWL_TM_CMD_APP2DEV_LOAD_INIT_FW: case IWL_TM_CMD_APP2DEV_CFG_INIT_CALIB: case IWL_TM_CMD_APP2DEV_LOAD_RUNTIME_FW: case IWL_TM_CMD_APP2DEV_GET_EEPROM: case IWL_TM_CMD_APP2DEV_FIXRATE_REQ: case IWL_TM_CMD_APP2DEV_LOAD_WOWLAN_FW: case IWL_TM_CMD_APP2DEV_GET_FW_INFO: IWL_DEBUG_INFO(priv, "testmode cmd to driver\n"); result = iwl_testmode_driver(hw, tb); break; case IWL_TM_CMD_APP2DEV_OWNERSHIP: IWL_DEBUG_INFO(priv, "testmode change uCode ownership\n"); result = iwl_testmode_ownership(hw, tb); break; default: IWL_ERR(priv, "Unknown testmode command\n"); result = -ENOSYS; break; } mutex_unlock(&priv->mutex); if (result) IWL_ERR(priv, "Test cmd failed result=%d\n", result); return result; }
static int iwl_testmode_notifications(struct ieee80211_hw *hw, struct nlattr **tb) { struct iwl_priv *priv = IWL_MAC80211_GET_DVM(hw); bool enable; enable = nla_get_flag(tb[IWL_TM_ATTR_ENABLE_NOTIFICATION]); if (enable) priv->pre_rx_handler = iwl_testmode_ucode_rx_pkt; else priv->pre_rx_handler = NULL; return 0; }
int iwlagn_mac_testmode_dump(struct ieee80211_hw *hw, struct sk_buff *skb, struct netlink_callback *cb, void *data, int len) { struct nlattr *tb[IWL_TM_ATTR_MAX]; struct iwl_priv *priv = IWL_MAC80211_GET_DVM(hw); int result; u32 cmd; if (cb->args[3]) { /* offset by 1 since commands start at 0 */ cmd = cb->args[3] - 1; } else { result = nla_parse(tb, IWL_TM_ATTR_MAX - 1, data, len, iwl_testmode_gnl_msg_policy); if (result) { IWL_ERR(priv, "Error parsing the gnl message : %d\n", result); return result; } /* IWL_TM_ATTR_COMMAND is absolutely mandatory */ if (!tb[IWL_TM_ATTR_COMMAND]) { IWL_ERR(priv, "Missing testmode command type\n"); return -ENOMSG; } cmd = nla_get_u32(tb[IWL_TM_ATTR_COMMAND]); cb->args[3] = cmd + 1; } /* in case multiple accesses to the device happens */ mutex_lock(&priv->mutex); switch (cmd) { case IWL_TM_CMD_APP2DEV_READ_TRACE: IWL_DEBUG_INFO(priv, "uCode trace cmd to driver\n"); result = iwl_testmode_trace_dump(hw, skb, cb); break; case IWL_TM_CMD_APP2DEV_INDIRECT_BUFFER_DUMP: IWL_DEBUG_INFO(priv, "testmode sram dump cmd to driver\n"); result = iwl_testmode_buffer_dump(hw, skb, cb); break; default: result = -EINVAL; break; } mutex_unlock(&priv->mutex); return result; }
/* * This function handles the user application switch ucode ownership. * * It retrieves the mandatory fields IWL_TM_ATTR_UCODE_OWNER and * decide who the current owner of the uCode * * If the current owner is OWNERSHIP_TM, then the only host command * can deliver to uCode is from testmode, all the other host commands * will dropped. * * default driver is the owner of uCode in normal operational mode * * @hw: ieee80211_hw object that represents the device * @tb: gnl message fields from the user space */ static int iwl_testmode_ownership(struct ieee80211_hw *hw, struct nlattr **tb) { struct iwl_priv *priv = IWL_MAC80211_GET_DVM(hw); u8 owner; if (!tb[IWL_TM_ATTR_UCODE_OWNER]) { IWL_ERR(priv, "Missing ucode owner\n"); return -ENOMSG; } owner = nla_get_u8(tb[IWL_TM_ATTR_UCODE_OWNER]); if (owner == IWL_OWNERSHIP_DRIVER) { priv->ucode_owner = owner; priv->pre_rx_handler = NULL; } else if (owner == IWL_OWNERSHIP_TM) { priv->pre_rx_handler = iwl_testmode_ucode_rx_pkt; priv->ucode_owner = owner; } else { IWL_ERR(priv, "Invalid owner\n"); return -EINVAL; } return 0; }
/* * This function handles the user application switch ucode ownership. * * It retrieves the mandatory fields IWL_TM_ATTR_UCODE_OWNER and * decide who the current owner of the uCode * * If the current owner is OWNERSHIP_TM, then the only host command * can deliver to uCode is from testmode, all the other host commands * will dropped. * * default driver is the owner of uCode in normal operational mode * * @hw: ieee80211_hw object that represents the device * @tb: gnl message fields from the user space */ static int iwl_testmode_ownership(struct ieee80211_hw *hw, struct nlattr **tb) { struct iwl_priv *priv = IWL_MAC80211_GET_DVM(hw); u8 owner; if (!tb[IWL_TM_ATTR_UCODE_OWNER]) { IWL_ERR(priv, "Missing ucode owner\n"); return -ENOMSG; } owner = nla_get_u8(tb[IWL_TM_ATTR_UCODE_OWNER]); if (owner == IWL_OWNERSHIP_DRIVER) { priv->ucode_owner = owner; iwl_test_enable_notifications(&priv->tst, false); } else if (owner == IWL_OWNERSHIP_TM) { priv->ucode_owner = owner; iwl_test_enable_notifications(&priv->tst, true); } else { IWL_ERR(priv, "Invalid owner\n"); return -EINVAL; } return 0; }
/* The testmode gnl message handler that takes the gnl message from the * user space and parses it per the policy iwl_testmode_gnl_msg_policy, then * invoke the corresponding handlers. * * This function is invoked when there is user space application sending * gnl message through the testmode tunnel NL80211_CMD_TESTMODE regulated * by nl80211. * * It retrieves the mandatory field, IWL_TM_ATTR_COMMAND, before * dispatching it to the corresponding handler. * * If IWL_TM_ATTR_COMMAND is missing, -ENOMSG is replied to user application; * -ENOSYS is replied to the user application if the command is unknown; * Otherwise, the command is dispatched to the respective handler. * * @hw: ieee80211_hw object that represents the device * @data: pointer to user space message * @len: length in byte of @data */ int iwlagn_mac_testmode_cmd(struct ieee80211_hw *hw, void *data, int len) { struct nlattr *tb[IWL_TM_ATTR_MAX]; struct iwl_priv *priv = IWL_MAC80211_GET_DVM(hw); int result; result = nla_parse(tb, IWL_TM_ATTR_MAX - 1, data, len, iwl_testmode_gnl_msg_policy); if (result != 0) { IWL_ERR(priv, "Error parsing the gnl message : %d\n", result); return result; } /* IWL_TM_ATTR_COMMAND is absolutely mandatory */ if (!tb[IWL_TM_ATTR_COMMAND]) { IWL_ERR(priv, "Missing testmode command type\n"); return -ENOMSG; } /* in case multiple accesses to the device happens */ mutex_lock(&priv->mutex); switch (nla_get_u32(tb[IWL_TM_ATTR_COMMAND])) { case IWL_TM_CMD_APP2DEV_UCODE: IWL_DEBUG_INFO(priv, "testmode cmd to uCode\n"); result = iwl_testmode_ucode(hw, tb); break; case IWL_TM_CMD_APP2DEV_DIRECT_REG_READ32: case IWL_TM_CMD_APP2DEV_DIRECT_REG_WRITE32: case IWL_TM_CMD_APP2DEV_DIRECT_REG_WRITE8: IWL_DEBUG_INFO(priv, "testmode cmd to register\n"); result = iwl_testmode_reg(hw, tb); break; case IWL_TM_CMD_APP2DEV_GET_DEVICENAME: case IWL_TM_CMD_APP2DEV_LOAD_INIT_FW: case IWL_TM_CMD_APP2DEV_CFG_INIT_CALIB: case IWL_TM_CMD_APP2DEV_LOAD_RUNTIME_FW: case IWL_TM_CMD_APP2DEV_GET_EEPROM: case IWL_TM_CMD_APP2DEV_FIXRATE_REQ: case IWL_TM_CMD_APP2DEV_LOAD_WOWLAN_FW: case IWL_TM_CMD_APP2DEV_GET_FW_VERSION: case IWL_TM_CMD_APP2DEV_GET_DEVICE_ID: case IWL_TM_CMD_APP2DEV_GET_FW_INFO: IWL_DEBUG_INFO(priv, "testmode cmd to driver\n"); result = iwl_testmode_driver(hw, tb); break; case IWL_TM_CMD_APP2DEV_BEGIN_TRACE: case IWL_TM_CMD_APP2DEV_END_TRACE: case IWL_TM_CMD_APP2DEV_READ_TRACE: IWL_DEBUG_INFO(priv, "testmode uCode trace cmd to driver\n"); result = iwl_testmode_trace(hw, tb); break; case IWL_TM_CMD_APP2DEV_OWNERSHIP: IWL_DEBUG_INFO(priv, "testmode change uCode ownership\n"); result = iwl_testmode_ownership(hw, tb); break; case IWL_TM_CMD_APP2DEV_INDIRECT_BUFFER_READ: case IWL_TM_CMD_APP2DEV_INDIRECT_BUFFER_WRITE: IWL_DEBUG_INFO(priv, "testmode indirect memory cmd " "to driver\n"); result = iwl_testmode_indirect_mem(hw, tb); break; case IWL_TM_CMD_APP2DEV_NOTIFICATIONS: IWL_DEBUG_INFO(priv, "testmode notifications cmd " "to driver\n"); result = iwl_testmode_notifications(hw, tb); break; default: IWL_ERR(priv, "Unknown testmode command\n"); result = -ENOSYS; break; } mutex_unlock(&priv->mutex); return result; }
/* * This function handles the user application commands for uCode trace * * It retrieves command ID carried with IWL_TM_ATTR_COMMAND and calls to the * handlers respectively. * * If it's an unknown commdn ID, -ENOSYS is replied; otherwise, the returned * value of the actual command execution is replied to the user application. * * @hw: ieee80211_hw object that represents the device * @tb: gnl message fields from the user space */ static int iwl_testmode_trace(struct ieee80211_hw *hw, struct nlattr **tb) { struct iwl_priv *priv = IWL_MAC80211_GET_DVM(hw); struct sk_buff *skb; int status = 0; struct device *dev = trans(priv)->dev; switch (nla_get_u32(tb[IWL_TM_ATTR_COMMAND])) { case IWL_TM_CMD_APP2DEV_BEGIN_TRACE: if (priv->testmode_trace.trace_enabled) return -EBUSY; if (!tb[IWL_TM_ATTR_TRACE_SIZE]) priv->testmode_trace.buff_size = TRACE_BUFF_SIZE_DEF; else priv->testmode_trace.buff_size = nla_get_u32(tb[IWL_TM_ATTR_TRACE_SIZE]); if (!priv->testmode_trace.buff_size) return -EINVAL; if (priv->testmode_trace.buff_size < TRACE_BUFF_SIZE_MIN || priv->testmode_trace.buff_size > TRACE_BUFF_SIZE_MAX) return -EINVAL; priv->testmode_trace.total_size = priv->testmode_trace.buff_size + TRACE_BUFF_PADD; priv->testmode_trace.cpu_addr = dma_alloc_coherent(dev, priv->testmode_trace.total_size, &priv->testmode_trace.dma_addr, GFP_KERNEL); if (!priv->testmode_trace.cpu_addr) return -ENOMEM; priv->testmode_trace.trace_enabled = true; priv->testmode_trace.trace_addr = (u8 *)PTR_ALIGN( priv->testmode_trace.cpu_addr, 0x100); memset(priv->testmode_trace.trace_addr, 0x03B, priv->testmode_trace.buff_size); skb = cfg80211_testmode_alloc_reply_skb(hw->wiphy, sizeof(priv->testmode_trace.dma_addr) + 20); if (!skb) { IWL_ERR(priv, "Memory allocation fail\n"); iwl_trace_cleanup(priv); return -ENOMEM; } NLA_PUT(skb, IWL_TM_ATTR_TRACE_ADDR, sizeof(priv->testmode_trace.dma_addr), (u64 *)&priv->testmode_trace.dma_addr); status = cfg80211_testmode_reply(skb); if (status < 0) { IWL_ERR(priv, "Error sending msg : %d\n", status); } priv->testmode_trace.num_chunks = DIV_ROUND_UP(priv->testmode_trace.buff_size, DUMP_CHUNK_SIZE); break; case IWL_TM_CMD_APP2DEV_END_TRACE: iwl_trace_cleanup(priv); break; default: IWL_ERR(priv, "Unknown testmode mem command ID\n"); return -ENOSYS; } return status; nla_put_failure: kfree_skb(skb); if (nla_get_u32(tb[IWL_TM_ATTR_COMMAND]) == IWL_TM_CMD_APP2DEV_BEGIN_TRACE) iwl_trace_cleanup(priv); return -EMSGSIZE; }
/* * This function handles the user application commands for driver. * * It retrieves command ID carried with IWL_TM_ATTR_COMMAND and calls to the * handlers respectively. * * If it's an unknown commdn ID, -ENOSYS is replied; otherwise, the returned * value of the actual command execution is replied to the user application. * * If there's any message responding to the user space, IWL_TM_ATTR_SYNC_RSP * is used for carry the message while IWL_TM_ATTR_COMMAND must set to * IWL_TM_CMD_DEV2APP_SYNC_RSP. * * @hw: ieee80211_hw object that represents the device * @tb: gnl message fields from the user space */ static int iwl_testmode_driver(struct ieee80211_hw *hw, struct nlattr **tb) { struct iwl_priv *priv = IWL_MAC80211_GET_DVM(hw); struct iwl_trans *trans = trans(priv); struct sk_buff *skb; unsigned char *rsp_data_ptr = NULL; int status = 0, rsp_data_len = 0; u32 devid, inst_size = 0, data_size = 0; const struct fw_img *img; switch (nla_get_u32(tb[IWL_TM_ATTR_COMMAND])) { case IWL_TM_CMD_APP2DEV_GET_DEVICENAME: rsp_data_ptr = (unsigned char *)cfg(priv)->name; rsp_data_len = strlen(cfg(priv)->name); skb = cfg80211_testmode_alloc_reply_skb(hw->wiphy, rsp_data_len + 20); if (!skb) { IWL_ERR(priv, "Memory allocation fail\n"); return -ENOMEM; } NLA_PUT_U32(skb, IWL_TM_ATTR_COMMAND, IWL_TM_CMD_DEV2APP_SYNC_RSP); NLA_PUT(skb, IWL_TM_ATTR_SYNC_RSP, rsp_data_len, rsp_data_ptr); status = cfg80211_testmode_reply(skb); if (status < 0) IWL_ERR(priv, "Error sending msg : %d\n", status); break; case IWL_TM_CMD_APP2DEV_LOAD_INIT_FW: status = iwl_load_ucode_wait_alive(priv, IWL_UCODE_INIT); if (status) IWL_ERR(priv, "Error loading init ucode: %d\n", status); break; case IWL_TM_CMD_APP2DEV_CFG_INIT_CALIB: iwl_testmode_cfg_init_calib(priv); priv->ucode_loaded = false; iwl_trans_stop_device(trans); break; case IWL_TM_CMD_APP2DEV_LOAD_RUNTIME_FW: status = iwl_load_ucode_wait_alive(priv, IWL_UCODE_REGULAR); if (status) { IWL_ERR(priv, "Error loading runtime ucode: %d\n", status); break; } status = iwl_alive_start(priv); if (status) IWL_ERR(priv, "Error starting the device: %d\n", status); break; case IWL_TM_CMD_APP2DEV_LOAD_WOWLAN_FW: iwl_scan_cancel_timeout(priv, 200); priv->ucode_loaded = false; iwl_trans_stop_device(trans); status = iwl_load_ucode_wait_alive(priv, IWL_UCODE_WOWLAN); if (status) { IWL_ERR(priv, "Error loading WOWLAN ucode: %d\n", status); break; } status = iwl_alive_start(priv); if (status) IWL_ERR(priv, "Error starting the device: %d\n", status); break; case IWL_TM_CMD_APP2DEV_GET_EEPROM: if (priv->shrd->eeprom) { skb = cfg80211_testmode_alloc_reply_skb(hw->wiphy, cfg(priv)->base_params->eeprom_size + 20); if (!skb) { IWL_ERR(priv, "Memory allocation fail\n"); return -ENOMEM; } NLA_PUT_U32(skb, IWL_TM_ATTR_COMMAND, IWL_TM_CMD_DEV2APP_EEPROM_RSP); NLA_PUT(skb, IWL_TM_ATTR_EEPROM, cfg(priv)->base_params->eeprom_size, priv->shrd->eeprom); status = cfg80211_testmode_reply(skb); if (status < 0) IWL_ERR(priv, "Error sending msg : %d\n", status); } else return -EFAULT; break; case IWL_TM_CMD_APP2DEV_FIXRATE_REQ: if (!tb[IWL_TM_ATTR_FIXRATE]) { IWL_ERR(priv, "Missing fixrate setting\n"); return -ENOMSG; } priv->tm_fixed_rate = nla_get_u32(tb[IWL_TM_ATTR_FIXRATE]); break; case IWL_TM_CMD_APP2DEV_GET_FW_VERSION: IWL_INFO(priv, "uCode version raw: 0x%x\n", priv->fw->ucode_ver); skb = cfg80211_testmode_alloc_reply_skb(hw->wiphy, 20); if (!skb) { IWL_ERR(priv, "Memory allocation fail\n"); return -ENOMEM; } NLA_PUT_U32(skb, IWL_TM_ATTR_FW_VERSION, priv->fw->ucode_ver); status = cfg80211_testmode_reply(skb); if (status < 0) IWL_ERR(priv, "Error sending msg : %d\n", status); break; case IWL_TM_CMD_APP2DEV_GET_DEVICE_ID: devid = trans(priv)->hw_id; IWL_INFO(priv, "hw version: 0x%x\n", devid); skb = cfg80211_testmode_alloc_reply_skb(hw->wiphy, 20); if (!skb) { IWL_ERR(priv, "Memory allocation fail\n"); return -ENOMEM; } NLA_PUT_U32(skb, IWL_TM_ATTR_DEVICE_ID, devid); status = cfg80211_testmode_reply(skb); if (status < 0) IWL_ERR(priv, "Error sending msg : %d\n", status); break; case IWL_TM_CMD_APP2DEV_GET_FW_INFO: skb = cfg80211_testmode_alloc_reply_skb(hw->wiphy, 20 + 8); if (!skb) { IWL_ERR(priv, "Memory allocation fail\n"); return -ENOMEM; } if (!priv->ucode_loaded) { IWL_ERR(priv, "No uCode has not been loaded\n"); return -EINVAL; } else { img = &priv->fw->img[priv->shrd->ucode_type]; inst_size = img->sec[IWL_UCODE_SECTION_INST].len; data_size = img->sec[IWL_UCODE_SECTION_DATA].len; } NLA_PUT_U32(skb, IWL_TM_ATTR_FW_TYPE, priv->shrd->ucode_type); NLA_PUT_U32(skb, IWL_TM_ATTR_FW_INST_SIZE, inst_size); NLA_PUT_U32(skb, IWL_TM_ATTR_FW_DATA_SIZE, data_size); status = cfg80211_testmode_reply(skb); if (status < 0) IWL_ERR(priv, "Error sending msg : %d\n", status); break; default: IWL_ERR(priv, "Unknown testmode driver command ID\n"); return -ENOSYS; } return status; nla_put_failure: kfree_skb(skb); return -EMSGSIZE; }
/* * This function handles the user application commands for register access. * * It retrieves command ID carried with IWL_TM_ATTR_COMMAND and calls to the * handlers respectively. * * If it's an unknown commdn ID, -ENOSYS is returned; or -ENOMSG if the * mandatory fields(IWL_TM_ATTR_REG_OFFSET,IWL_TM_ATTR_REG_VALUE32, * IWL_TM_ATTR_REG_VALUE8) are missing; Otherwise 0 is replied indicating * the success of the command execution. * * If IWL_TM_ATTR_COMMAND is IWL_TM_CMD_APP2DEV_REG_READ32, the register read * value is returned with IWL_TM_ATTR_REG_VALUE32. * * @hw: ieee80211_hw object that represents the device * @tb: gnl message fields from the user space */ static int iwl_testmode_reg(struct ieee80211_hw *hw, struct nlattr **tb) { struct iwl_priv *priv = IWL_MAC80211_GET_DVM(hw); u32 ofs, val32, cmd; u8 val8; struct sk_buff *skb; int status = 0; if (!tb[IWL_TM_ATTR_REG_OFFSET]) { IWL_ERR(priv, "Missing register offset\n"); return -ENOMSG; } ofs = nla_get_u32(tb[IWL_TM_ATTR_REG_OFFSET]); IWL_INFO(priv, "testmode register access command offset 0x%x\n", ofs); /* Allow access only to FH/CSR/HBUS in direct mode. Since we don't have the upper bounds for the CSR and HBUS segments, we will use only the upper bound of FH for sanity check. */ cmd = nla_get_u32(tb[IWL_TM_ATTR_COMMAND]); if ((cmd == IWL_TM_CMD_APP2DEV_DIRECT_REG_READ32 || cmd == IWL_TM_CMD_APP2DEV_DIRECT_REG_WRITE32 || cmd == IWL_TM_CMD_APP2DEV_DIRECT_REG_WRITE8) && (ofs >= FH_MEM_UPPER_BOUND)) { IWL_ERR(priv, "offset out of segment (0x0 - 0x%x)\n", FH_MEM_UPPER_BOUND); return -EINVAL; } switch (cmd) { case IWL_TM_CMD_APP2DEV_DIRECT_REG_READ32: val32 = iwl_read_direct32(trans(priv), ofs); IWL_INFO(priv, "32bit value to read 0x%x\n", val32); skb = cfg80211_testmode_alloc_reply_skb(hw->wiphy, 20); if (!skb) { IWL_ERR(priv, "Memory allocation fail\n"); return -ENOMEM; } NLA_PUT_U32(skb, IWL_TM_ATTR_REG_VALUE32, val32); status = cfg80211_testmode_reply(skb); if (status < 0) IWL_ERR(priv, "Error sending msg : %d\n", status); break; case IWL_TM_CMD_APP2DEV_DIRECT_REG_WRITE32: if (!tb[IWL_TM_ATTR_REG_VALUE32]) { IWL_ERR(priv, "Missing value to write\n"); return -ENOMSG; } else { val32 = nla_get_u32(tb[IWL_TM_ATTR_REG_VALUE32]); IWL_INFO(priv, "32bit value to write 0x%x\n", val32); iwl_write_direct32(trans(priv), ofs, val32); } break; case IWL_TM_CMD_APP2DEV_DIRECT_REG_WRITE8: if (!tb[IWL_TM_ATTR_REG_VALUE8]) { IWL_ERR(priv, "Missing value to write\n"); return -ENOMSG; } else { val8 = nla_get_u8(tb[IWL_TM_ATTR_REG_VALUE8]); IWL_INFO(priv, "8bit value to write 0x%x\n", val8); iwl_write8(trans(priv), ofs, val8); } break; default: IWL_ERR(priv, "Unknown testmode register command ID\n"); return -ENOSYS; } return status; nla_put_failure: kfree_skb(skb); return -EMSGSIZE; }
/* * This function handles the user application commands to the ucode. * * It retrieves the mandatory fields IWL_TM_ATTR_UCODE_CMD_ID and * IWL_TM_ATTR_UCODE_CMD_DATA and calls to the handler to send the * host command to the ucode. * * If any mandatory field is missing, -ENOMSG is replied to the user space * application; otherwise, waits for the host command to be sent and checks * the return code. In case or error, it is returned, otherwise a reply is * allocated and the reply RX packet * is returned. * * @hw: ieee80211_hw object that represents the device * @tb: gnl message fields from the user space */ static int iwl_testmode_ucode(struct ieee80211_hw *hw, struct nlattr **tb) { struct iwl_priv *priv = IWL_MAC80211_GET_DVM(hw); struct iwl_host_cmd cmd; struct iwl_rx_packet *pkt; struct sk_buff *skb; void *reply_buf; u32 reply_len; int ret; bool cmd_want_skb; memset(&cmd, 0, sizeof(struct iwl_host_cmd)); if (!tb[IWL_TM_ATTR_UCODE_CMD_ID] || !tb[IWL_TM_ATTR_UCODE_CMD_DATA]) { IWL_ERR(priv, "Missing ucode command mandatory fields\n"); return -ENOMSG; } cmd.flags = CMD_ON_DEMAND | CMD_SYNC; cmd_want_skb = nla_get_flag(tb[IWL_TM_ATTR_UCODE_CMD_SKB]); if (cmd_want_skb) cmd.flags |= CMD_WANT_SKB; cmd.id = nla_get_u8(tb[IWL_TM_ATTR_UCODE_CMD_ID]); cmd.data[0] = nla_data(tb[IWL_TM_ATTR_UCODE_CMD_DATA]); cmd.len[0] = nla_len(tb[IWL_TM_ATTR_UCODE_CMD_DATA]); cmd.dataflags[0] = IWL_HCMD_DFL_NOCOPY; IWL_DEBUG_INFO(priv, "testmode ucode command ID 0x%x, flags 0x%x," " len %d\n", cmd.id, cmd.flags, cmd.len[0]); ret = iwl_dvm_send_cmd(priv, &cmd); if (ret) { IWL_ERR(priv, "Failed to send hcmd\n"); return ret; } if (!cmd_want_skb) return ret; /* Handling return of SKB to the user */ pkt = cmd.resp_pkt; if (!pkt) { IWL_ERR(priv, "HCMD received a null response packet\n"); return ret; } reply_len = le32_to_cpu(pkt->len_n_flags) & FH_RSCSR_FRAME_SIZE_MSK; skb = cfg80211_testmode_alloc_reply_skb(hw->wiphy, reply_len + 20); reply_buf = kmalloc(reply_len, GFP_KERNEL); if (!skb || !reply_buf) { kfree_skb(skb); kfree(reply_buf); return -ENOMEM; } /* The reply is in a page, that we cannot send to user space. */ memcpy(reply_buf, &(pkt->hdr), reply_len); iwl_free_resp(&cmd); NLA_PUT_U32(skb, IWL_TM_ATTR_COMMAND, IWL_TM_CMD_DEV2APP_UCODE_RX_PKT); NLA_PUT(skb, IWL_TM_ATTR_UCODE_RX_PKT, reply_len, reply_buf); return cfg80211_testmode_reply(skb); nla_put_failure: IWL_DEBUG_INFO(priv, "Failed creating NL attributes\n"); return -ENOMSG; }